Hello Auth0 Community,
I’m currently working on a Next.js 14 app router project where I need to implement Role-Based Access Control (RBAC) for user permissions. I’m using Prisma for database interactions and Auth0 for authentication. However, I couldn’t find any resources on setting up RBAC with Auth0 and Prisma for the App Router.
Compared to other authentication providers, it seems like there might be less guidance available for this specific setup.
Could anyone provide insights or point me to relevant documentation/examples on how to implement RBAC in a Next.js application using Auth0 for authentication and Prisma for database interactions with the Next 14 app router? Previously I have worked on the page router and it works well, but I feel Auth0 doesn’t update according to the trend.
Any help or guidance would be greatly appreciated. Thank you!
3 Likes
Did you end up figuring this out? I’m not using Prisma (yet) but I’m about to configure my RBAC, so I’d like to compare notes. My current plan is to handle it all through the Next.js middleware, checking for the Auth0 user and their associated role before allowing their request to proceed.
Hi Richard, yes, I’ve implemented RBAC in my Next.js 14 project using Auth0. I’ve shared a detailed example of my implementation, including code snippets, on my LinkedIn post.
You can check it out here: (Thaarmah Kannan on LinkedIn: #nextjs14 #approuter #auth0).
1 Like
Great job! Not to oversimplify the hard work you did, but is it fair to summarize your code snippet by saying that you basically check the user role in Auth0 and, if the user role doesn’t match the route they’re trying to access, you redirect them to the login screen?
Yes, that’s a good summary of what my implementation does! The middleware checks the user’s role from Auth0 and compares it to the route they’re trying to access. If their role doesn’t match the required permissions, they’re redirected to the login screen (though this could also be changed to an error or forbidden page). I have also implemented PKCE with Auth0 for a Chrome extension to connect with this system, but it was in separate files and a separate implementation.
1 Like
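The role-versus-route check summarized above, as an added example that is not from any post in this thread and not the linked LinkedIn implementation: a pure decision function that a Next.js middleware could call with the request pathname and the session user. The claim key, route table and function names are assumptions; it separates "not logged in" (login redirect) from "logged in with the wrong role" (forbidden page) and denies authenticated users on routes that have no rule.

```typescript
// Added example. All names, routes and the claim key are hypothetical.
type Decision = "allow" | "login" | "forbidden";

interface RouteRule {
  prefix: string;   // protected path prefix
  roles: string[];  // any one of these roles grants access
}

// Assumed namespaced custom claim that carries the user's roles.
const ROLES_CLAIM = "https://example.com/roles";

// Constructed route policy for illustration.
const RULES: RouteRule[] = [
  { prefix: "/admin", roles: ["admin"] },
  { prefix: "/dashboard", roles: ["admin", "editor"] },
  { prefix: "/dashboard/billing", roles: ["admin"] },
];
const PUBLIC_PATHS = ["/", "/login"];

// Match on a path-segment boundary so "/admin" covers "/admin/users"
// but not "/administrator".
function matchesPrefix(pathname: string, prefix: string): boolean {
  return pathname === prefix || pathname.indexOf(prefix + "/") === 0;
}

// Read roles defensively: a missing or malformed claim means no roles.
function rolesOf(user: Record<string, unknown>): string[] {
  const raw = user[ROLES_CLAIM];
  if (!Array.isArray(raw)) return [];
  return raw.filter((r): r is string => typeof r === "string");
}

function authorize(pathname: string, user: Record<string, unknown> | null): Decision {
  if (PUBLIC_PATHS.indexOf(pathname) !== -1) return "allow";
  if (!user) return "login"; // no session: send to the login screen

  // The longest matching prefix wins, so a nested rule can be stricter.
  let rule: RouteRule | null = null;
  for (const r of RULES) {
    if (matchesPrefix(pathname, r.prefix) && (!rule || r.prefix.length > rule.prefix.length)) {
      rule = r;
    }
  }
  if (!rule) return "forbidden"; // this example's choice: default deny

  const held = rolesOf(user);
  return rule.roles.some((need) => held.indexOf(need) !== -1) ? "allow" : "forbidden";
}
```

The same function works when roles come from a database lookup instead of a token claim, as long as the caller passes them under the same key.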
Cool! I’ll keep this setup in mind as I get mine up and running. I currently manage roles in my MongoDB users collection instead of Auth0, but I think the general process is still the same.
Thanks for sharing!